diff options
Diffstat (limited to 'utils')
| -rwxr-xr-x | utils/lib.sh | 2 | ||||
| -rwxr-xr-x | utils/lib_redis.sh | 290 | ||||
| -rwxr-xr-x | utils/lib_valkey.sh | 73 | ||||
| -rwxr-xr-x | utils/searxng.sh | 133 | ||||
| -rw-r--r-- | utils/searxng_check.py | 11 | ||||
| -rw-r--r-- | utils/templates/etc/apt/sources.list.d/debian-stable-backports.sources | 6 | ||||
| -rw-r--r-- | utils/templates/etc/apt/sources.list.d/ubuntu-stable-backports.sources | 6 | ||||
| -rw-r--r-- | utils/templates/etc/searxng/settings.yml | 6 | ||||
| -rw-r--r-- | utils/templates/lib/systemd/system/searxng-redis.service | 42 |
9 files changed, 145 insertions, 424 deletions
diff --git a/utils/lib.sh b/utils/lib.sh index 1ef273535..7886520c6 100755 --- a/utils/lib.sh +++ b/utils/lib.sh @@ -7,6 +7,8 @@ DIST_ID=$(source /etc/os-release; echo "$ID"); # shellcheck disable=SC2034 DIST_VERS=$(source /etc/os-release; echo "$VERSION_ID"); +# shellcheck disable=SC2034 +DIST_VERSION_CODENAME=$(source /etc/os-release; echo "$VERSION_CODENAME"); ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}" ADMIN_NAME="${ADMIN_NAME:-$USER}" diff --git a/utils/lib_redis.sh b/utils/lib_redis.sh index ba1435a86..3b481dc75 100755 --- a/utils/lib_redis.sh +++ b/utils/lib_redis.sh @@ -1,190 +1,26 @@ #!/usr/bin/env bash # -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*- # SPDX-License-Identifier: AGPL-3.0-or-later -# -# Tools to build and install redis [1] binaries & packages. -# -# [1] https://redis.io/download#installation -# -# 1. redis.devpkg (sudo) -# 2. redis.build -# 3. redis.install (sudo) -# -# systemd commands:: -# -# sudo -H systemctl status searxng-redis -# sudo -H journalctl -u searxng-redis -# sudo -H journalctl --vacuum-size=1M -# -# Test socket connection from client (local user):: -# -# $ sudo -H ./manage redis.addgrp "${USER}" -# # logout & login to get member of group -# $ groups -# ... searxng-redis ... -# $ source /usr/local/searxng-redis/.redis_env -# $ which redis-cli -# /usr/local/searxng-redis/.local/bin/redis-cli -# -# $ redis-cli -s /usr/local/searxng-redis/redis.sock -# redis /usr/local/searxng-redis/redis.sock> set foo bar -# OK -# redis /usr/local/searxng-redis/redis.sock> get foo -# "bar" -# [CTRL-D] - # shellcheck disable=SC2091 # shellcheck source=utils/lib.sh . /dev/null -REDIS_GIT_URL="https://github.com/redis/redis.git" -REDIS_GIT_TAG="${REDIS_GIT_TAG:-6.2.6}" - REDIS_USER="searxng-redis" REDIS_GROUP="searxng-redis" -REDIS_HOME="/usr/local/${REDIS_USER}" -REDIS_HOME_BIN="${REDIS_HOME}/.local/bin" -REDIS_ENV="${REDIS_HOME}/.redis_env" - REDIS_SERVICE_NAME="searxng-redis" REDIS_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${REDIS_SERVICE_NAME}.service" -# binaries to compile & install -REDIS_INSTALL_EXE=(redis-server redis-benchmark redis-cli) -# link names of redis-server binary -REDIS_LINK_EXE=(redis-sentinel redis-check-rdb redis-check-aof) - -REDIS_CONF="${REDIS_HOME}/redis.conf" -REDIS_CONF_TEMPLATE=$(cat <<EOF -# Note that in order to read the configuration file, Redis must be -# started with the file path as first argument: -# -# ./redis-server /path/to/redis.conf - -# bind 127.0.0.1 -::1 -protected-mode yes - -# Accept connections on the specified port, default is 6379 (IANA #815344). -# If port 0 is specified Redis will not listen on a TCP socket. -port 0 - -# Specify the path for the Unix socket that will be used to listen for -# incoming connections. - -unixsocket ${REDIS_HOME}/run/redis.sock -unixsocketperm 770 - -# The working directory. -dir ${REDIS_HOME}/run - -# If you run Redis from upstart or systemd, Redis can interact with your -# supervision tree. -supervised auto - -pidfile ${REDIS_HOME}/run/redis.pid - -# log to the system logger -syslog-enabled yes -EOF -) - redis.help(){ cat <<EOF redis.: - devpkg : install essential packages to compile redis - build : build redis binaries at $(redis._get_dist) - install : create user (${REDIS_USER}) and install systemd service (${REDIS_SERVICE_NAME}) remove : delete user (${REDIS_USER}) and remove service (${REDIS_SERVICE_NAME}) - shell : start bash interpreter from user ${REDIS_USER} - src : clone redis source code to <path> and checkput ${REDIS_GIT_TAG} - useradd : create user (${REDIS_USER}) at ${REDIS_HOME} userdel : delete user (${REDIS_USER}) - addgrp : add <user> to group (${REDIS_USER}) rmgrp : remove <user> from group (${REDIS_USER}) EOF } -redis.devpkg() { - - # Uses OS package manager to install the essential packages to build and - # compile sources - - sudo_or_exit - - case ${DIST_ID} in - ubuntu|debian) - pkg_install git build-essential gawk - ;; - arch) - pkg_install git base-devel - ;; - fedora) - pkg_install git @development-tools - ;; - centos) - pkg_install git - yum groupinstall "Development Tools" -y - ;; - *) - err_msg "$DIST_ID-$DIST_VERS: No rules to install development tools from OS." - return 42 - ;; - esac -} - -redis.build() { - - # usage: redis.build - - rst_title "get redis sources" section - redis.src "${CACHE}/redis" - - if ! required_commands gcc nm make gawk ; then - info_msg "install development tools to get missing command(s) .." - if [[ -n ${SUDO_USER} ]]; then - sudo -H "$0" redis.devpkg - else - redis.devpkg - fi - fi - - rst_title "compile redis sources" section - - pushd "${CACHE}/redis" &>/dev/null - - if ask_yn "Do you run 'make distclean' first'?" Yn; then - $(bash.cmd) -c "make distclean" 2>&1 | prefix_stdout - fi - - $(bash.cmd) -c "make" 2>&1 | prefix_stdout - if ask_yn "Do you run 'make test'?" Ny; then - $(bash.cmd) -c "make test" | prefix_stdout - fi - - popd &>/dev/null - - tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout -mkdir -p "$(redis._get_dist)" -cd "${CACHE}/redis/src" -cp ${REDIS_INSTALL_EXE[@]} "$(redis._get_dist)" -EOF - info_msg "redis binaries available at $(redis._get_dist)" -} - - -redis.install() { - sudo_or_exit - ( - set -e - redis.useradd - redis._install_bin - redis._install_conf - redis._install_service - ) - dump_return $? -} redis.remove() { sudo_or_exit @@ -200,57 +36,6 @@ redis.shell() { interactive_shell "${REDIS_USER}" } -redis.src() { - - # usage: redis.src "${CACHE}/redis" - - local dest="${1:-${CACHE}/redis}" - - if [ -d "${dest}" ] ; then - info_msg "already cloned: $dest" - tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout -cd "${dest}" -git fetch --all -git reset --hard tags/${REDIS_GIT_TAG} -EOF - else - tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout -mkdir -p "$(dirname "$dest")" -cd "$(dirname "$dest")" -git clone "${REDIS_GIT_URL}" "${dest}" -EOF - tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout -cd "${dest}" -git checkout tags/${REDIS_GIT_TAG} -b "build-branch" -EOF - fi -} - -redis.useradd(){ - - # usage: redis.useradd - - rst_title "add user ${REDIS_USER}" section - echo - sudo_or_exit - - # create user account - tee_stderr 0.5 <<EOF | sudo -H bash | prefix_stdout -useradd --shell /bin/bash --system \ - --home-dir "${REDIS_HOME}" \ - --comment 'user that runs a redis instance' "${REDIS_USER}" -mkdir -p "${REDIS_HOME}" -chown -R "${REDIS_USER}:${REDIS_GROUP}" "${REDIS_HOME}" -groups "${REDIS_USER}" -EOF - - # create App-ENV and add source it in the .profile - tee_stderr 0.5 <<EOF | sudo -H -u "${REDIS_USER}" bash | prefix_stdout -mkdir -p "${REDIS_HOME_BIN}" -echo "export PATH=${REDIS_HOME_BIN}:\\\$PATH" > "${REDIS_ENV}" -grep -qFs -- 'source "${REDIS_ENV}"' ~/.profile || echo 'source "${REDIS_ENV}"' >> ~/.profile -EOF -} redis.userdel() { sudo_or_exit @@ -275,81 +60,6 @@ redis.rmgrp() { } - -# private redis. functions -# ------------------------ - -redis._install_bin() { - local src - src="$(redis._get_dist)" - ( - set -e - for redis_exe in "${REDIS_INSTALL_EXE[@]}"; do - install -v -o "${REDIS_USER}" -g "${REDIS_GROUP}" \ - "${src}/${redis_exe}" "${REDIS_HOME_BIN}" - done - - pushd "${REDIS_HOME_BIN}" &> /dev/null - for redis_exe in "${REDIS_LINK_EXE[@]}"; do - info_msg "link redis-server --> ${redis_exe}" - sudo -H -u "${REDIS_USER}" ln -sf redis-server "${redis_exe}" - done - popd &> /dev/null - - ) -} - -redis._install_conf() { - sudo -H -u "${REDIS_USER}" bash <<EOF -mkdir -p "${REDIS_HOME}/run" -echo '${REDIS_CONF_TEMPLATE}' > "${REDIS_CONF}" -EOF -} - -redis._install_service() { - systemd_install_service "${REDIS_SERVICE_NAME}" "${REDIS_SYSTEMD_UNIT}" -} - redis._remove_service() { systemd_remove_service "${REDIS_SERVICE_NAME}" "${REDIS_SYSTEMD_UNIT}" } - -redis._get_dist() { - if [ -z "${REDIS_DIST}" ]; then - echo "${REPO_ROOT}/dist/redis/${REDIS_GIT_TAG}/$(redis._arch)" - else - echo "${REDIS_DIST}" - fi -} - -redis._arch() { - local ARCH - case "$(command uname -m)" in - "x86_64") ARCH=amd64 ;; - "aarch64") ARCH=arm64 ;; - "armv6" | "armv7l") ARCH=armv6l ;; - "armv8") ARCH=arm64 ;; - .*386.*) ARCH=386 ;; - ppc64*) ARCH=ppc64le ;; - *) die 42 "ARCH is unknown: $(command uname -m)" ;; - esac - echo "${ARCH}" -} - -# TODO: move this to the right place .. - -bash.cmd(){ - - # print cmd to get a bash in a non-root mode, even if we are in a sudo - # context. - - local user="${USER}" - local bash_cmd="bash" - - if [ -n "${SUDO_USER}" ] && [ "root" != "${SUDO_USER}" ] ; then - user="${SUDO_USER}" - bash_cmd="sudo -H -u ${SUDO_USER} bash" - fi - - printf "%s" "${bash_cmd}" -} diff --git a/utils/lib_valkey.sh b/utils/lib_valkey.sh new file mode 100755 index 000000000..7e7beb948 --- /dev/null +++ b/utils/lib_valkey.sh @@ -0,0 +1,73 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: AGPL-3.0-or-later + +valkey.distro.setup() { + # shellcheck disable=SC2034 + + case $DIST_ID in + ubuntu|debian) + VALKEY_PACKAGES="valkey-server" + ;; + arch|fedora|centos) + VALKEY_PACKAGES="valkey" + ;; + *) + err_msg "$DIST_ID: valkey not yet implemented" + ;; + esac +} + +valkey.backports() { + + case $DIST_ID in + debian) + info_msg "APT:: install debian-stable-backports.source / ${DIST_ID}-${DIST_VERS} (${DIST_VERSION_CODENAME})" + install_template /etc/apt/sources.list.d/debian-stable-backports.sources + apt update + ;; + ubuntu) + info_msg "APT:: install ubuntu-stable-backports.source / ${DIST_ID}-${DIST_VERS} (${DIST_VERSION_CODENAME})" + install_template /etc/apt/sources.list.d/ubuntu-stable-backports.sources + apt update + ;; + *) + info_msg "APT:: valkey.backports no implementation / ${DIST_ID}-${DIST_VERS} (${DIST_VERSION_CODENAME})" + ;; + esac +} + +valkey.install(){ + info_msg "installing valkey ..." + valkey.distro.setup + + case $DIST_ID in + debian|ubuntu) + apt-cache show "${VALKEY_PACKAGES}" &> /dev/null || valkey.backports + pkg_install "${VALKEY_PACKAGES}" + + # do some fix ... + # chown -R valkey:valkey /var/log/valkey/ /var/lib/valkey/ /etc/valkey/ + + # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#PrivateUsers= + sed -i 's/PrivateUsers=true/# PrivateUsers=true/' /lib/systemd/system/valkey-server.service + sed -i 's/PrivateUsers=true/# PrivateUsers=true/' /lib/systemd/system/valkey-server@.service + + systemd_activate_service valkey-server + ;; + arch|fedora|centos) + pkg_install "${VALKEY_PACKAGES}" + systemd_activate_service valkey + ;; + *) + # install backports if package is not in the current APT repos + pkg_install "${VALKEY_PACKAGES}" + ;; + esac + + # case $DIST_ID-$DIST_VERS in + # arch-*|fedora-*|centos-7) + # systemctl enable nginx + # systemctl start nginx + # ;; + # esac +} diff --git a/utils/searxng.sh b/utils/searxng.sh index 4ad2ef93f..663ca6d3d 100755 --- a/utils/searxng.sh +++ b/utils/searxng.sh @@ -9,6 +9,8 @@ SEARXNG_UWSGI_USE_SOCKET="${SEARXNG_UWSGI_USE_SOCKET:-true}" source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" # shellcheck source=utils/lib_redis.sh source "$(dirname "${BASH_SOURCE[0]}")/lib_redis.sh" +# shellcheck source=utils/lib_valkey.sh +source "$(dirname "${BASH_SOURCE[0]}")/lib_valkey.sh" # shellcheck source=utils/brand.sh source "${REPO_ROOT}/utils/brand.sh" @@ -119,8 +121,8 @@ usage() { # shellcheck disable=SC1117 cat <<EOF usage: - $(basename "$0") install [all|user|pyenv|settings|uwsgi|redis|nginx|apache|searxng-src|packages|buildhost] - $(basename "$0") remove [all|user|pyenv|settings|uwsgi|redis|nginx|apache] + $(basename "$0") install [all|user|pyenv|settings|uwsgi|valkey|nginx|apache|searxng-src|packages|buildhost] + $(basename "$0") remove [all|user|pyenv|settings|uwsgi|valkey|nginx|apache] $(basename "$0") instance [cmd|update|check|localtest|inspect] install|remove: all : complete (de-) installation of the SearXNG service @@ -128,10 +130,13 @@ install|remove: pyenv : virtualenv (python) in ${SEARXNG_PYENV} settings : settings from ${SEARXNG_SETTINGS_PATH} uwsgi : SearXNG's uWSGI app ${SEARXNG_UWSGI_APP} - redis : build & install or remove a local redis server ${REDIS_HOME}/run/redis.sock nginx : HTTP site ${NGINX_APPS_AVAILABLE}/${NGINX_SEARXNG_SITE} apache : HTTP site ${APACHE_SITES_AVAILABLE}/${APACHE_SEARXNG_SITE} install: + valkey : install a local valkey server +remove: + redis : remove a local redis server ${REDIS_HOME}/run/redis.sock +install: searxng-src : clone ${GIT_URL} into ${SEARXNG_SRC} packages : installs packages from OS package manager required by SearXNG buildhost : installs packages from OS package manager required by a SearXNG buildhost @@ -194,7 +199,7 @@ main() { buildhost) searxng.install.buildhost;; nginx) searxng.nginx.install;; apache) searxng.apache.install;; - redis) searxng.install.redis;; + valkey) searxng.install.valkey;; *) usage "$_usage"; exit 42;; esac ;; @@ -208,6 +213,7 @@ main() { uwsgi) searxng.remove.uwsgi;; apache) searxng.apache.remove;; remove) searxng.nginx.remove;; + valkey) searxng.remove.valkey;; redis) searxng.remove.redis;; *) usage "$_usage"; exit 42;; esac @@ -259,7 +265,7 @@ main() { searxng.install.all() { rst_title "SearXNG installation" part - local redis_url + local valkey_url rst_title "SearXNG" searxng.install.packages @@ -277,8 +283,8 @@ searxng.install.all() { searxng.install.uwsgi wait_key - rst_title "Redis DB" - searxng.install.redis.db + rst_title "Valkey DB" + searxng.install.valkey.db rst_title "HTTP Server" searxng.install.http.site @@ -289,77 +295,35 @@ searxng.install.all() { fi } -searxng.install.redis.db() { - local redis_url +searxng.install.valkey.db() { + local valkey_url - redis_url=$(searxng.instance.get_setting redis.url) - rst_para "\ -In your instance, redis DB connector is configured at: + valkey_url=$(searxng.instance.get_setting valkey.url) - ${redis_url} + if [ "${valkey_url}" = "False" ]; then + rst_para "valkey DB connector is not configured in your instance" + else + rst_para "\ +In your instance, valkey DB connector is configured at: + + ${valkey_url} " - if searxng.instance.exec python -c "from searx import redisdb; redisdb.initialize() or exit(42)"; then - info_msg "SearXNG instance is able to connect redis DB." - return + if searxng.instance.exec python -c "from searx import valkeydb; valkeydb.initialize() or exit(42)"; then + info_msg "SearXNG instance is able to connect valkey DB." + return + fi fi - if ! [[ ${redis_url} = unix://${REDIS_HOME}/run/redis.sock* ]]; then - err_msg "SearXNG instance can't connect redis DB / check redis & your settings" + + if ! [[ ${valkey_url} = valkey://localhost:6379/* ]]; then + err_msg "SearXNG instance can't connect valkey DB / check valkey & your settings" return fi - rst_para ".. but this redis DB is not installed yet." + rst_para ".. but this valkey DB is not installed yet." - case $DIST_ID-$DIST_VERS in - fedora-*) - # Fedora runs uWSGI in emperor-tyrant mode: in Tyrant mode the - # Emperor will run the vassal using the UID/GID of the vassal - # configuration file [1] (user and group of the app .ini file). - # - # HINT: without option ``emperor-tyrant-initgroups=true`` in - # ``/etc/uwsgi.ini`` the process won't get the additional groups, - # but this option is not available in 2.0.x branch [2][3] / on - # fedora35 there is v2.0.20 installed --> no way to get additional - # groups on fedora's tyrant mode. - # - # ERROR:searx.redisdb: [searxng (993)] can't connect redis DB ... - # ERROR:searx.redisdb: Error 13 connecting to unix socket: /usr/local/searxng-redis/run/redis.sock. Permission denied. - # ERROR:searx.plugins.limiter: init limiter DB failed!!! - # - # $ ps -aef | grep '/usr/sbin/uwsgi --ini searxng.ini' - # searxng 93 92 0 12:43 ? 00:00:00 /usr/sbin/uwsgi --ini searxng.ini - # searxng 186 93 0 12:44 ? 00:00:01 /usr/sbin/uwsgi --ini searxng.ini - # - # Additional groups: - # - # $ groups searxng - # searxng : searxng searxng-redis - # - # Here you can see that the additional "Groups" of PID 186 are unset - # (missing gid of searxng-redis) - # - # $ cat /proc/186/task/186/status - # ... - # Uid: 993 993 993 993 - # Gid: 993 993 993 993 - # FDSize: 128 - # Groups: - # ... - # - # [1] https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting - # [2] https://github.com/unbit/uwsgi/issues/2099 - # [3] https://github.com/unbit/uwsgi/pull/752 - - rst_para "\ -Fedora uses emperor-tyrant mode / in this mode we had a lot of trouble with -sockets and permissions of the vasals. We recommend to setup a redis DB -and using redis:// TCP protocol in the settings.yml configuration." - ;; - *) - if ask_yn "Do you want to install the redis DB now?" Yn; then - searxng.install.redis - uWSGI_restart "$SEARXNG_UWSGI_APP" - fi - ;; - esac + if ask_yn "Do you want to install the valkey DB now?" Yn; then + searxng.install.valkey + uWSGI_restart "$SEARXNG_UWSGI_APP" + fi } searxng.install.http.site() { @@ -380,16 +344,16 @@ searxng.install.http.site() { } searxng.remove.all() { - local redis_url + local valkey_url rst_title "De-Install SearXNG (service)" if ! ask_yn "Do you really want to deinstall SearXNG?"; then return fi - redis_url=$(searxng.instance.get_setting redis.url) - if ! [[ ${redis_url} = unix://${REDIS_HOME}/run/redis.sock* ]]; then - searxng.remove.redis + valkey_url=$(searxng.instance.get_setting valkey.url) + if ! [[ ${valkey_url} = unix://${VALKEY_HOME}/run/valkey.sock* ]]; then + searxng.remove.valkey fi searxng.remove.uwsgi @@ -642,19 +606,18 @@ searxng.remove.uwsgi() { uWSGI_remove_app "${SEARXNG_UWSGI_APP}" } -searxng.install.redis() { - rst_title "SearXNG (install redis)" - redis.build - redis.install - redis.addgrp "${SERVICE_USER}" -} - searxng.remove.redis() { rst_title "SearXNG (remove redis)" redis.rmgrp "${SERVICE_USER}" redis.remove } +searxng.install.valkey() { + rst_title "SearXNG (install valkey)" + valkey.install +} + + searxng.instance.localtest() { rst_title "Test SearXNG instance locally" section rst_para "Activate debug mode, start a minimal SearXNG "\ @@ -690,11 +653,11 @@ To install uWSGI use:: die 42 "SearXNG's uWSGI app not available" fi - if ! searxng.instance.exec python -c "from searx import redisdb; redisdb.initialize() or exit(42)"; then + if ! searxng.instance.exec python -c "from searx import valkeydb; valkeydb.initialize() or exit(42)"; then rst_para "\ -The configured redis DB is not available: If your server is public to the +The configured valkey DB is not available: If your server is public to the internet, you should setup a bot protection to block excessively bot queries. -Bot protection requires a redis DB. About bot protection visit the official +Bot protection requires a valkey DB. About bot protection visit the official SearXNG documentation and query for the word 'limiter'. " fi diff --git a/utils/searxng_check.py b/utils/searxng_check.py index 0bff756ad..b597b3e79 100644 --- a/utils/searxng_check.py +++ b/utils/searxng_check.py @@ -34,8 +34,11 @@ if os.path.isfile(OLD_BRAND_ENV): msg = ('%s is no longer needed, remove the file' % (OLD_BRAND_ENV)) warnings.warn(msg, DeprecationWarning) -from searx import redisdb, get_setting +from searx import valkeydb, get_setting -if not redisdb.initialize(): - warnings.warn("can't connect to redis DB at: %s" % get_setting('redis.url'), RuntimeWarning, stacklevel=2) - warnings.warn("--> no bot protection without redis DB", RuntimeWarning, stacklevel=2) +if get_setting('redis.url'): + warnings.warn("setting redis.url is deprecated, use valkey.url", RuntimeWarning, stacklevel=2) + +if not valkeydb.initialize(): + warnings.warn("can't connect to valkey DB at: %s" % get_setting('valkey.url'), RuntimeWarning, stacklevel=2) + warnings.warn("--> no bot protection without valkey DB", RuntimeWarning, stacklevel=2) diff --git a/utils/templates/etc/apt/sources.list.d/debian-stable-backports.sources b/utils/templates/etc/apt/sources.list.d/debian-stable-backports.sources new file mode 100644 index 000000000..251b2ccb7 --- /dev/null +++ b/utils/templates/etc/apt/sources.list.d/debian-stable-backports.sources @@ -0,0 +1,6 @@ +Types: deb deb-src +URIs: http://deb.debian.org/debian +Suites: stable-backports +Components: main contrib non-free non-free-firmware +Enabled: yes +Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg diff --git a/utils/templates/etc/apt/sources.list.d/ubuntu-stable-backports.sources b/utils/templates/etc/apt/sources.list.d/ubuntu-stable-backports.sources new file mode 100644 index 000000000..a429a1349 --- /dev/null +++ b/utils/templates/etc/apt/sources.list.d/ubuntu-stable-backports.sources @@ -0,0 +1,6 @@ +Types: deb deb-src +URIs: http://us.archive.ubuntu.com/ubuntu/ +Suites: ${DIST_VERSION_CODENAME}-backports +Components: main multiverse restricted universe +Enabled: yes +Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg diff --git a/utils/templates/etc/searxng/settings.yml b/utils/templates/etc/searxng/settings.yml index c5ecbd777..b5da38ebd 100644 --- a/utils/templates/etc/searxng/settings.yml +++ b/utils/templates/etc/searxng/settings.yml @@ -21,9 +21,9 @@ server: # by ${SEARXNG_BASE_URL}. # base_url: http://example.com/location -redis: - # URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}. - url: unix:///usr/local/searxng-redis/run/redis.sock?db=0 +valkey: + # URL to connect valkey database. Is overwritten by ${SEARXNG_VALKEY_URL}. + url: valkey://localhost:6379/0 ui: static_use_hash: true diff --git a/utils/templates/lib/systemd/system/searxng-redis.service b/utils/templates/lib/systemd/system/searxng-redis.service deleted file mode 100644 index d1d163f04..000000000 --- a/utils/templates/lib/systemd/system/searxng-redis.service +++ /dev/null @@ -1,42 +0,0 @@ -[Unit] - -Description=SearXNG redis service -After=syslog.target -After=network.target -Documentation=https://redis.io/documentation - -[Service] - -Type=simple -User=${REDIS_USER} -Group=${REDIS_USER} -WorkingDirectory=${REDIS_HOME} -Restart=always -TimeoutStopSec=0 - -Environment=USER=${REDIS_USER} HOME=${REDIS_HOME} -ExecStart=${REDIS_HOME_BIN}/redis-server ${REDIS_CONF} -ExecPaths=${REDIS_HOME_BIN} - -LimitNOFILE=65535 -NoNewPrivileges=true -PrivateDevices=yes - -# ProtectSystem=full -ProtectHome=yes -ReadOnlyDirectories=/ -ReadWritePaths=-${REDIS_HOME}/run - -UMask=007 -PrivateTmp=yes - -MemoryDenyWriteExecute=true -ProtectKernelModules=true -ProtectKernelTunables=true -ProtectControlGroups=true -RestrictRealtime=true -RestrictNamespaces=true - -[Install] - -WantedBy=multi-user.target |